ACCORDING to SecurityWeek, Cisco and F5 this week issued patches for multiple high-severity vulnerabilities across their products, including DoS, arbitrary command execution, and privilege escalation.
Cisco rolled out fixes for five defects, two of which are high-severity in TelePresence Collaboration Endpoint and RoomOS software, along with Meeting Management; CVE-2026-20119 can be exploited remotely without authentication to cause a DoS by a crafted meeting invitation, and CVE-2026-20098 (resolved in Meeting Management 3.12.1 MR) stems from improper input validation in the
web management interface, allowing authenticated attackers with at least the role of video operator to upload arbitrary files and execute commands with root privileges. Cisco also remediated three medium-severity defects in AsyncOS for Secure Web Appliance, Prime Infrastructure, and EPNM, and says none are known to be exploited in the wild.
On the F5 side, the February 2026 quarterly security notification covers five medium- and low-severity issues in BIG-IP and NGINX, including two high-severity bugs: CVE-2026-22548, which can trigger a DoS by restarting the bd process when certain security policies are configured, and CVE-2026-1642, affecting NGINX to enable MitM-style response injection.
Additional fixes address medium-severity flaws in BIG-IP container ingress for Kubernetes/OpenShift and low-severity issues in BIG-IP Edge Client, browser VPN, and BIG-IP Configuration utility, with F5 noting these flaws have not been exploited in the wild.